What you need to know about the CCPA, California’s new consumer privacy act

07 Nov 2019

By Caitlin Burns, DocsCorp Content Manager.

Even though California is home to some of the world’s most prominent data collectors (Facebook, Google), it has long been at the forefront of the data privacy movement in North America. Coming on the heels of the General Data Protection Regulation (GDPR), Europe’s landmark consumer privacy law, the CCPA is set to cause another wave of changes to how companies in the United States do business.

What is the CCPA?

CCPA stands for the California Consumer Privacy Act. The CCPA is similar to the GDPR in that it is designed to afford consumers greater fundamental rights over their data and personal information that businesses have collected and used.

Whom does the CCPA apply to?

Your business doesn’t have to be located or headquartered in California to be subject to the CCPA. The regulation will apply to any company that has consumers located in California, and meets one or more of the following:

Has gross annual revenues in excess of USD$25 million;

Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices;

Derives 50 percent or more of annual revenues from selling consumers’ personal information.

When will the CCPA apply?

The CCPA will go into effect from the 1st of January 2020 and be enforceable from the 1st of July 2020. However, it is important to note that steps will have to be taken well before January 2020 to comply. Companies must be able to provide data for the previous 12 months to meet the legal requirements for access requests. It’s essential that your business knows what data it has saved in its systems now and ensures staff can access it quickly and reliably.

What kinds of penalties can be issued for non-compliance?

Financial penalties can be issued, and they will be based on the number of records affected. A non-intentional violation can cost your business up to USD$2,500 per record. This jumps to USD$7,500 per record if the breach is found to be intentional. Consumers can also file private actions, which could substantially increase the cost of non-compliance.